Collecting Cyber-News from over 60 sources

Tag: openai

ChatGPT Down as Users Report >>Gateway Time-out<< Error

Mar 17, 2025 9:54 PM

by

Andy Stern

in SecurityNews

Tags: ai, chatgpt, openai, service

ChatGPT Down: Users report “Gateway time-out” errors. OpenAI’s popular AI chatbot is experiencing widespread outages. Stay updated on the service disruption. First seen on hackread.com Jump to article: hackread.com/chatgpt-down-as-users-report-gateway-time-out-error/
Google, OpenAI Push Urges Trump to Ease AI Export Controls

Mar 17, 2025 6:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, control, google, openai, regulation

AI Giants Also Like ‘Fair Use’ Exemptions for Copyrighted Material. OpenAI and Google laid out visions for regulation in response to the Trump administration’s AI Action Plan, which aims to help the United States maintain technological lead over China. Both companies want Biden-era export controls lightened. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/google-openai-push-urges-trump-to-ease-ai-export-controls-a-27739
AI Operator Agents Helping Hackers Generate Malicious Code

Mar 17, 2025 1:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, cyber, hacker, malicious, openai, phishing, threat, tool

Symantec’s Threat Hunter Team has demonstrated how AI agents like OpenAI’s Operator can now perform end-to-end phishing attacks with minimal human intervention, marking a significant evolution in AI-enabled threats. A year ago, Large Language Model (LLM) AIs were primarily passive tools that could assist attackers in creating phishing materials or writing code. Now, with the…
Invisible C2″Š”, “Šthanks to AI-powered techniques

Mar 15, 2025 10:52 AM

by

Andy Stern

in SecurityNews

Tags: ai, api, attack, breach, business, chatgpt, cloud, communications, control, cyberattack, cybersecurity, data, defense, detection, dns, edr, email, encryption, endpoint, hacker, iot, LLM, malicious, malware, ml, monitoring, network, office, openai, powershell, service, siem, soc, strategy, threat, tool, update, vulnerability, zero-trust

Invisible C2″Š”, “Šthanks to AI-powered techniques Just about every cyberattack needs a Command and Control (C2) channel”Š”, “Ša way for attackers to send instructions to compromised systems and receive stolen data. This gives us all a chance to see attacks that are putting us at risk. LLMs can help attackers avoid signature based detection Traditionally, C2…
OpenAI’s Operator AI agent can be used in phishing attacks, say researchers

Mar 14, 2025 9:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, openai, phishing

First seen on scworld.com Jump to article: www.scworld.com/news/openais-operator-ai-agent-can-be-used-in-phishing-attacks-say-researchers
Symantec Demonstrates OpenAI’s Operator Agent in PoC Phishing Attack

Mar 14, 2025 7:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, openai, phishing, risk

Symantec demonstrates OpenAI’s Operator Agent in PoC phishing attack, highlighting AI security risks and the need for proper cybersecurity. First seen on hackread.com Jump to article: hackread.com/symantec-openai-operator-agent-poc-phishing-attack/
Symantec Uses OpenAI Operator to Show Rising Threat of AI Agents

Mar 14, 2025 7:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, cybersecurity, email, malicious, openai, phishing, powershell, threat

Symantec threat researchers used OpenAI’s Operator agent to carry out a phishing attack with little human intervention, illustrating the looming cybersecurity threat AI agents pose as they become more powerful. The agent learned how to write a malicious PowerShell script and wrote an email with the phishing lure, among other actions. First seen on securityboulevard.com…
DeepSeek R1 Jailbreaked to Create Malware, Including Keyloggers and Ransomware

Mar 14, 2025 1:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, chatgpt, cyber, cybercrime, exploit, google, intelligence, malicious, malware, openai, ransomware, tool

The increasing popularity of generative artificial intelligence (GenAI) tools, such as OpenAI’s ChatGPT and Google’s Gemini, has attracted cybercriminals seeking to exploit these technologies for malicious purposes. Despite the guardrails implemented by traditional GenAI platforms to prevent misuse, cybercriminals have circumvented these restrictions by developing their own malicious large language models (LLMs), including WormGPT, FraudGPT,…
Breach Roundup: The Ivanti Patch Treadmill

Mar 13, 2025 9:53 PM

by

Andy Stern

in SecurityNews

Tags: android, apache, apple, breach, flaw, ivanti, malware, north-korea, openai, phishing, update

Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension Attack. This week, Ivanti EPM customers should patch, Patch Tuesday, fake web browser extensions, North Korean Android malware, a key figure in Italy’s Equalize scandal dead of heart attack. Also, Apache Camel flaw, OpenAI’s agent automates phishing and Apple patched another zero day. First seen…
DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware

Mar 13, 2025 7:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, antivirus, api, chatgpt, china, cloud, computer, cryptography, cybercrime, cybersecurity, data, detection, encryption, google, guide, injection, intelligence, law, LLM, malicious, malware, monitoring, network, north-korea, open-source, openai, privacy, programming, ransomware, service, software, strategy, threat, tool, training, unauthorized, vulnerability, windows

Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging. Background As generative artificial intelligence (GenAI) has increased in popularity since the launch of ChatGPT, cybercriminals have become quite fond of GenAI tools to…
OpenAI Operator Agent Used in ProofConcept Phishing Attack

Mar 13, 2025 2:52 PM

by

Andy Stern

in SecurityNews

Tags: attack, openai, phishing

Researchers from Symantec showed how OpenAI’s Operator agent, currently in research preview, can be used to construct a basic phishing attack from start to finish. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/openai-operator-agent-proof-concept-phishing-attack
Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks

Mar 13, 2025 12:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, chatgpt, cyber, exploit, hacker, microsoft, openai, phishing, risk, service

Hackers have been targeting Microsoft Copilot, a newly launched Generative AI assistant, to carry out sophisticated phishing attacks. This campaign highlights the risks associated with the widespread adoption of Microsoft services and the challenges that come with introducing new technologies to employees, as per a report by Cofense. Microsoft Copilot, similar to OpenAI’s ChatGPT, is…
Attackers Can Manipulate AI Memory to Spread Lies

Mar 12, 2025 5:52 PM

by

Andy Stern

in SecurityNews

Tags: ai, attack, exploit, hacking, injection, openai

Tested on Three OpenAI Models, ‘Minja’ Has High Injection and Attack Rates. A memory injection attack dubbed Minja turns AI chatbots into unwitting agents of misinformation, requiring no hacking and just a little clever prompting. The exploit allows attackers to poison an AI model’s memory with deceptive information, potentially altering its responses for all users.…
Manus mania is here: Chinese ‘general agent’ is this week’s ‘future of AI’ and OpenAI-killer

Mar 11, 2025 8:54 PM

by

Andy Stern

in SecurityNews

Tags: ai, china, openai

Prompts see it scour the web for info and turn it into decent documents at reasonable speed First seen on theregister.com Jump to article: www.theregister.com/2025/03/10/manus_chinese_general_ai_agent/
MINJA sneak attack poisons AI models for other chatbot users

Mar 11, 2025 9:54 AM

by

Andy Stern

in SecurityNews

Tags: ai, attack, data, openai

Nothing like an OpenAI-powered agent leaking data or getting confused over what someone else whispered to it First seen on theregister.com Jump to article: www.theregister.com/2025/03/11/minja_attack_poisons_ai_model_memory/
UK CMA Halts Review of Microsoft, OpenAI Partnership

Mar 7, 2025 12:53 AM

by

Andy Stern

in SecurityNews

Tags: ai, computing, intelligence, microsoft, openai

Probe into Microsoft’s $13 Billion OpenAI Investment Launched in 2023. The U.K. antitrust regulator won’t open an investigation into a partnership between computing giant Microsoft and artificial intelligence company OpenAI. U.K. Competition Market Authority concludes that there is no relevant merger situation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/uk-cma-halts-review-microsoft-openai-partnership-a-27666
We’re losing”Š”, “Šbut it can’t get any worse, right?

Mar 5, 2025 5:34 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, antivirus, api, attack, chatgpt, cloud, control, crowdstrike, cybersecurity, defense, detection, edr, encryption, github, infection, injection, korea, LLM, malicious, malware, mandiant, ml, monitoring, network, north-korea, openai, phishing, powershell, service, social-engineering, threat, tool

We’re losing”Š”, “Šbut it can’t get any worse, right? LLMs are being used in many ways by attackers; how blind are you? We’re spending hundreds of billions and losing trillions in cybersecurity. The industry structure is partially to blame. AI is here to help, right? Well, as others have pointed out, AI is being adopted more rapidly…
Microsoft disrupted a global cybercrime ring abusing Azure OpenAI Service

Mar 1, 2025 6:34 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, cybercrime, data-breach, malicious, microsoft, openai, service, tool, unauthorized

Microsoft exposed four individuals behind an Azure Abuse scheme using unauthorized GenAI access to create harmful content. Microsoft shared the names of four developers of malicious tools designed to bypass the guardrails of generative AI services, including Microsoft’s Azure OpenAI Service. Microsoft is taking legal action against these defendants, dismantling their operation, and curbing misuse…
GPT-4.5 Scores EQ Points, but Not Much Else

Feb 28, 2025 9:34 PM

by

Andy Stern

in SecurityNews

Tags: ai, openai

Model Appears to Be a Way Station on the Road to Something Greater. OpenAI on Thursday released its latest generative AI model, but don’t call it the next big thing just yet. More thoughtful, persuasive and emotionally intelligent, GPT-4.5 aims to feel less like an algorithm and more like a conversation partner. First seen on…
Microsoft targets AI deepfake cybercrime network in lawsuit

Feb 28, 2025 9:34 PM

by

Andy Stern

in SecurityNews

Tags: ai, api, breach, cybercrime, deep-fake, microsoft, network, openai, software

Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619781/Microsoft-targets-AI-deepfake-cybercrime-network-in-lawsuit
Microsoft files lawsuit against LLMjacking gang that bypassed AI safeguards

Feb 28, 2025 7:34 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, api, breach, cloud, computing, credentials, cyber, cybercrime, exploit, google, LLM, microsoft, openai, service, threat, tool, vulnerability

LLMjacking can cost organizations a lot of money: LLMjacking is a continuation of the cybercriminal practice of abusing stolen cloud account credentials for various illegal operations, such as cryptojacking, abusing hacked cloud computing resources to mine cryptocurrency. The difference is that large quantities of API calls to LLMs can quickly rack up huge costs, with…
Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme

Feb 28, 2025 1:34 PM

by

Andy Stern

in SecurityNews

Tags: access, ai, cybercrime, intelligence, microsoft, openai, service, unauthorized

Microsoft on Thursday unmasked four of the individuals that it said were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized access to generative artificial intelligence (GenAI) services in order to produce offensive and harmful content.The campaign, called LLMjacking, has targeted various AI offerings, including Microsoft’s Azure OpenAI Service. The tech giant is First…
Microsoft names alleged credential-snatching ‘Azure Abuse Enterprise’ operators

Feb 28, 2025 5:34 AM

by

Andy Stern

in SecurityNews

Tags: cloud, credentials, deep-fake, microsoft, openai

Crew helped lowlifes generate X-rated celeb deepfakes using Redmond’s OpenAI-powered cloud claim First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/microsoft_names_and_shames_4/
Does terrible code drive you mad? Wait until you see what it does to OpenAI’s GPT-4o

Feb 27, 2025 8:59 AM

by

Andy Stern

in SecurityNews

Tags: openai, software, vulnerability

Model was fine-tuned to write vulnerable software then suggested enslaving humanity First seen on theregister.com Jump to article: www.theregister.com/2025/02/27/llm_emergent_misalignment_study/
Researchers Jailbreak OpenAI o1/o3, DeepSeek-R1, and Gemini 2.0 Flash Models

Feb 25, 2025 2:23 PM

by

Andy Stern

in SecurityNews

Tags: attack, cyber, google, openai

Researchers from Duke University and Carnegie Mellon University have demonstrated successful jailbreaks of OpenAI’s o1/o3, DeepSeek-R1, and Google’s Gemini 2.0 Flash models through a novel attack method called Hijacking Chain-of-Thought (H-CoT). The research reveals how advanced safety mechanisms designed to prevent harmful outputs can be systematically bypassed using the models’ reasoning processes, raising urgent questions…
‘OpenAI’ Job Scam Targeted International Workers Through Telegram

Feb 25, 2025 1:23 PM

by

Andy Stern

in SecurityNews

Tags: finance, international, jobs, openai, scam

An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED. First seen on wired.com Jump to article: www.wired.com/story/openai-job-scam/
OpenAI Purges ChatGPT Accounts: China and North Korea Weaponizing AI for Propaganda

Feb 25, 2025 5:22 AM

by

Andy Stern

in SecurityNews

Tags: ai, chatgpt, china, korea, north-korea, openai

OpenAI has confirmed that it has begun blocking accounts linked to Chinese and North Korean users who have First seen on securityonline.info Jump to article: securityonline.info/openai-purges-chatgpt-accounts-china-and-north-korea-weaponizing-ai-for-propaganda/
OpenAI bans ChatGPT accounts used by North Korean hackers

Feb 24, 2025 11:22 PM

by

Andy Stern

in SecurityNews

Tags: chatgpt, group, hacker, hacking, north-korea, openai

OpenAI says it blocked several North Korean hacking groups from using its ChatGPT platform to research future targets and find ways to hack into their networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-bans-chatgpt-accounts-used-by-north-korean-hackers/
OpenAI cracks down on malicious ChatGPT usage

Feb 24, 2025 9:22 PM

by

Andy Stern

in SecurityNews

Tags: chatgpt, malicious, openai

First seen on scworld.com Jump to article: www.scworld.com/brief/openai-cracks-down-on-malicious-chatgpt-usage
China Using AI-Powered Surveillance Tools, Says OpenAI

Feb 24, 2025 8:23 PM

by

Andy Stern

in SecurityNews

Tags: ai, china, disinformation, intelligence, korea, north-korea, openai, threat, tool

Report Also Flags Threats Linked to North Korea, Iran. Chinese influence operations are using artificial intelligence to carry out surveillance and disinformation campaigns, OpenAI said in its latest threat report. The report details two major Chinese campaigns that misused AI tools, including OpenAI’s own models, to advance state-backed agendas. First seen on govinfosecurity.com Jump to…